Two-Factor Authentication is a more secure way of logging in to a website. In addition to entering a password online, a user has to enter a random verification code generated at login time. This combination of passwords makes it easier to safeguard your applications.

Historically, companies that wanted to implement two-factor authentication distributed small devices to all of their employees that generate passcodes on demand. But these are expensive and easily lost. With the mOTP API you can set up your two-factor authentication system to run on a device all of your employees already carry with them: their cellphone.

Usage

There are three steps involved in building a two-factor authentication system.

First, we want to collect the username and phone number.

Next, we want to generate a one-time password and send it via a second (non-email/web) channel that an attacker is unlikely to have access to.

Finally, we compare the originally generated password against the submitted password.

1: The following code displays a simple login page, asking the user to provide a username and a phone number with international dialing code

<p>No matter what username you put into the initial box, the system will generate a one-time use password similar to an RSA token. Once this password is used, the user's session is set and the password is destroyed. In this particular case, we're not storing anything long term.</p>
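The three steps above, including destroying the password once it is used, can be sketched server-side as follows. This is an added example, not code from the original page or from the mOTP API: the `send_sms` callback, the in-memory store, and the length, lifetime and attempt limits are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed code length
OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code

# Demo store keyed by username; a deployment would use the server-side session.
_pending = {}


def _digest(code, salt):
    # Keep only a salted hash so the store never holds the code itself.
    return hashlib.sha256(salt + code.encode()).digest()


def issue_otp(username, phone, send_sms, now=None):
    """Steps 1-2: generate a code and hand it to the out-of-band sender."""
    now = time.time() if now is None else now
    # secrets uses the OS CSPRNG; the random module is predictable.
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    salt = secrets.token_bytes(16)
    _pending[username] = {
        "salt": salt,
        "digest": _digest(code, salt),
        "expires": now + OTP_TTL_SECONDS,
        "attempts": 0,
    }
    send_sms(phone, code)  # hypothetical callback wrapping the delivery API


def verify_otp(username, submitted, now=None):
    """Step 3: compare, then destroy the code so it cannot be replayed."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # expired or guessed too often: discard it
        return False
    entry["attempts"] += 1
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(entry["digest"], _digest(submitted, entry["salt"]))
    if ok:
        del _pending[username]  # single use: set the session, drop the code
    return ok
```

Calling `issue_otp` again for the same username replaces any earlier pending code, so only the most recently sent code is accepted.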